Snort mailing list archives
RE: Whisker Head?
From: Thomas Whipp <tkw () objectronix co uk>
Date: Fri, 22 Jun 2001 10:23:00 +0100
I used to see a LOT of these from proxy servers at a certain well known UK ISP (I belive they where NetApp's) - as far as I can tell these servers sometimes (always?) use a head to check the last modified date of content before serving it to a user. Tom
-----Original Message----- From: Sheahan, Paul (PCLN-NW)
[mailto:Paul.Sheahan () priceline com]
Sent: 22 June 2001 07:22 To: 'Snort-users () lists sourceforge net' Subject: [Snort-users] Whisker Head? I see quite a few "WEB-MISC Whisker HEAD" alerts on a
daily
basis in my Snort alert log. I read into it and apparently the whisker
scanner can
request web pages using HEAD instead of GET. When I look at the traces of machines that attempted to
pull
some pages using HEAD, the pages look like a standard web page, and nothing looks out of the norm other than the word HEAD (instead of GET). My question is, is HEAD ever used during normal activity, or is it definitely
a sign of
Whisker? Because the URL being retrieved looks normal, I
was
thinking maybe could have been valid traffic? Or does whisker pull valid pages so all looks normal, meanwhile it is gathering other vulnerability
related info?
Thanks _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Whisker Head? Sheahan, Paul (PCLN-NW) (Jun 21)
- <Possible follow-ups>
- RE: Whisker Head? Thomas Whipp (Jun 22)
- Re: Whisker Head? Vitaly Osipov (Jun 22)